Facebook agrees to pay $550 million in class-action facial recognition lawsuit


Facebook's settlement total

Smith Collection/Gado/Archive Photos/Getty Images

Facebook stated today that it’s agreed to a settlement of $550 million in a class-action lawsuit filed by users in Illinois. The case centers on Facebook’s facial recognition technology: specifically around who is allowed to harvest facial data and how long they’re allowed to store it.

The case states that Facebook’s tag suggestions, which use facial-recognition software to recommend tags for people in photos, violate an Illinois biometric privacy law.

Facebook denies the claims — For its part, Facebook has stated that the allegations have no merit. The company’s motion for a settlement — one much larger than even that of the Equifax data breach suit — is clearly in the hope of sweeping the case aside and moving on. “We decided to pursue a settlement as it was in the best interest of our community and our shareholders to move past this matter,” said a Facebook spokesperson.

A win for privacy... sort of — Facebook’s concession to a settlement is a win for those Illinois users, but it doesn’t bode well for the company’s stance on biometrics in the future. Basically: there aren't any changes coming to the way Facebook handles this data right now. By choosing to settle, Facebook is taking no responsibility — it’s a cop-out that’s only possible because the company is massively rich. The company’s been hit with plenty of questions about how it handles users’ biometric data, but it always manages to dodge the question and move on.

More comprehensive policies, please — Illinois’ biometric privacy laws are some of the best in the country, which allowed this case to be brought to Facebook at all — it allows for users to sue for up to $5,000 per violation. If similarly stringent policies were enacted at the federal level, Facebook would be forced to permanently shift its handling of and transparency around this kind of data.

As biometric recognition software is increasingly normalized, we’re going to need more comprehensive policies to protect users. The other option is to allow big tech companies to keep using our data in whichever ways they’d like. Which is no option at all.